Spyware for Firefox Coming This Year? 630
EvilCowzGoMoo writes "One of the main reasons for the Firefox browser's successful seizure of market share from Microsoft's Internet Explorer is the desire to escape the inundation of PC-slowing spyware. However, spyware experts indicate that with its increased popularity, Firefox itself will become a target for spyware creators." From the article: "Basically, if you use Firefox today, you're not susceptible to any spyware, other than what you download when you're on Kazaa...The spyware writers target mostly Explorer users because that's the most fertile feeding ground for piranha-like (spyware) attacks. They'll watch as Firefox becomes mainstream, they'll see opportunity there and start targeting them."
Re:Duh. (Score:2, Informative)
FreeBSD, Linux, and MacOS X would still be a less vulnerable target. Worst cast scenario, delete ~/.mozilla/firefox (~/Library/Application Data/Firefox), start over.
The reason Windows is such a mess is that there's no 'easy' way to clean up the mess. You could wipe out the user's entire home directory on Windows and still be screwed. On a *nix based system, wiping out the home directory would usually fix you right up.
I've already seen some... (Score:5, Informative)
Re:...and.... (Score:5, Informative)
Note that older versions of Firefox (and Mozilla) don't have the whitelist, and even older ones don't even have the dialog and are in fact vulnerable.
Re:IE and Firefox have different problems (Score:5, Informative)
Supposedly.
If nothing else, at least it has a rating and feedback system, so you'll have a heads up from others.
Re:I got spyware from Firefox (Score:2, Informative)
Re:I got spyware from Firefox (Score:1, Informative)
"ISTbar is an IE toolbar, homepage- and search-hijacker provided by Integrated Search Technologies/CDT Inc."
It was probably installed by an application that is using embedded IE (ie. an activex object). Why would someone target firefox only to install an IE only browser 'helper'
"Expert"? (Score:5, Informative)
Their other expert is also from a company that makes similar software. So people who make anti-spyware software agree: you need anti-spyware software.
I'll be more concerned when independent parties think spyware in Firefox is an issue.
Re:I got spyware from Firefox (Score:4, Informative)
Probably didn't come through Firefox.
Re:I got spyware from Firefox (Score:1, Informative)
Re:I got spyware from Firefox (Score:2, Informative)
http://securityresponse.symantec.com/avcenter/ven
or here:
http://securityresponse.symantec.com/avcenter/ven
for information about that spyware program. It's very likely that you contracted it in another way than some unknown exploit in FireFox. What email program are you using for example? Outlook Express maybe?
Re:Java spyware? (Score:3, Informative)
they'd have the same access as a regular desktop java-app?
No. Java Applets have always been sandboxed and run with a security manager that disallows reading/writing to the hard disk and connecting to any network domain but the one that the applet came from.
So yes, you could run it, but the applet can't actually see or do anything outside of itself.
Not Worried (Score:2, Informative)
And that's why there's an option to "Allow websites to install software (extensions)." Just be sure you limit these sites to Mozilla-related sites (like mozilla.org and mozdev.org) and you will be fine.
I've actually had some borderline-illegal sites try to install Mozilla extensions (XPI's) as well, and the built-in protection scheme stopped it cold.
Just be thankful that there's no "code" to exploit (like the ActiveX component in IE) in Firefox.
Re:Duh. (Score:3, Informative)
This is untrue.
So the user you log into a XP machine with is in the equivalent of a user in the root or wheel group IMO...
This is mostly untrue, because being in the Administrator group in Windows gives you exactly the same abilities as the Administrator user account, with no extra step needed to escalate your own privledges.
Re:Been here a while (Score:3, Informative)
Example is here [cracks.am] (NSFW), try to download a file if you want to see what I mean.
All right, I'll bite.
Middle-click on link to open in new tab. Deny www.cracks.am from setting a cookie. Click the letter "C" in the alphabetical set of links. Click the link for "C++ Editor v1.0". Deny install.xxxtoolbar.com from setting a cookie. Click the "Download a File" button. Then two dialog windows appear. One is titled "JavaScript Application" and says "Download ABORTED -- You must click YES". Hitting "OK" (the only button on that window) lets me access the other window.
The other window is a standard Firefox download window saying "You have chosen to open C++_Editor_v1.0.zip which is a: ZIP file from: http://www.cracks.am/", etc. Clicking "OK" for the default choice, which is "Open with /usr/bin/file-roller", gives me a look inside a zip file filled with wholesome-looking files with names like iNFECTiON.nfo.
Meanwhile the web page itself complains "Download Error - wrong URL! Please turn off any download managers" even though the ZIP file appears to have downloaded fine.
Using the packaged version of Mozilla Firefox on Debian GNU/Linux (unstable), version 1.0+dfsg.1-5. Also using Privoxy as a proxy; don't know whether this made a difference. Conclusion: at least on this platform, installing unsigned XPIs isn't going to work on a properly updated Firefox.
Re:I got spyware from Firefox (Score:3, Informative)
(It works with Mozilla and Firefox too, but MS always likes to call them Netscape...)
Re:I doubt it ... (Score:3, Informative)
Re:Duh. (Score:1, Informative)
Re:Love Firefox, but can dump IE (Score:2, Informative)
Re:Malicious XPI's exist already (Score:2, Informative)
I've had Spybot S&D rate cookies accepted by Firefox as spyware; I haven't met any malicious XPI's just yet.
Re:"Expert"? (Score:1, Informative)
How about this:
Computer Associates Director of Malicious Content Research Roger Thompson said although spyware for Firefox this year is possible, it is unlikely.
Re:Malicious XPI's exist already (Score:3, Informative)
http://www.dillo.org/ [dillo.org]
It has all the features you need.
I need other features, and I use Firefox + extensions.
Re:"Expert"? (Score:3, Informative)
The difficulty with people in a VP position is there's no way of knowing if they have a technical background; I was part of a small startup company where our VP of engineering was also a primary developer, but it's not necessarily the case. My gut reaction is he's just presenting information that he thinks is in the best interest of the company - which, afterall, is his job.
Check out this Firefox-only exploit (Score:2, Informative)
Details here: http://www.shmoo.com/idn/homograph.txt [shmoo.com]
Watch the exploit in action here: http://www.shmoo.com/idn/ [shmoo.com]
To patch this (in most browsers):
1) Goto your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page.
2) Scroll down to the line beginning network.enableIDN -- this is International Domain Name support, and it is causing the problem here. We want to turn this off -- for now. Ideally we want to support international domain names, but not with this problem.
3) Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done.
4) Go check out the shmoo demo (above) again and notice it no longer works.
Re:Malicious XPI's exist already (Score:4, Informative)
If you go to about:mozilla in any of the Firefox browsers (Netscape too - heck, even IE since it was based on netscape, but it just shows a blue screen), it will pull up a page from "The Book of Mozilla", most of them have references to a great bird rising from ashes, or something similar to that effect. If they were in Netscape then they clearly predate Firefox, however, I believe the names Phoenix and Firebird were probably based around them. Wikipedia's entry on The Book of Mozilla [wikipedia.org], no doubt it explains it on there, I'm too lazy\busy to read through it.
Re:IE and Firefox have different problems (Score:5, Informative)
Re:Duh. (Score:3, Informative)
Re:IE and Firefox have different problems (Score:3, Informative)
Isn't it already? In order to install an extension from somewhere other than mozdev, I have to add the site to a list of approved extensions sources.
The difference? (Score:3, Informative)
Firefox is already vulnerable to spyware... (Score:3, Informative)
Re:Malicious XPI's exist already (Score:4, Informative)
Internet Exploder was not based upon Netscape, but it was based upon the Mosaic Web Browser.
Here's what it says in the "About Internet Explorer" dialog
They got the term for the Open source project Mozilla from Netscape's Original code name which is a contraction of Mosaic + Godzilla (i.e. Mosaic killer [webopedia.com]), and was coined by Jamie Zawinski (jwz) when Netscape's primary competition was Spyglass Mosaic.">
In other words, Mozilla/Netscape and Mosaic/Internet Explorer are not based on one another, they have nothing to do with one another except they're competing web browsers.
Re:Malicious XPI's exist already (Score:1, Informative)
Re:Malicious XPI's exist already (Score:5, Informative)
1 [freebsd.org] 2 [freebsd.org]
Re:Malicious XPI's exist already (Score:3, Informative)
> You're an idiot
It grieves me to say this: but Mr.AC you're right!
I'm also a buffoon and a fool to boot.
Please feel welcome to mod my original post as: -5, Bonkers
Short answer: I failed to parse the BBC's privacy statement [bbc.co.uk] or do a whois on 2o7.net.
As other have mentioned, the BBC (or rather a 3rd party they've contracted) are tracking users and obviously a few other things aswell.
Any future reports from me of spyware on *nix are to be viewed with scepticism and should be modded accordingly.
Re:Malicious XPI's exist already (Score:3, Informative)
Re:Malicious XPI's exist already (Score:3, Informative)